Date: Sun, 13 Dec 1998 21:06:35 -0800 From: Don Lewis <Don.Lewis@tsc.tdk.com> To: Eivind Eklund <eivind@yes.no>, Don Lewis <Don.Lewis@tsc.tdk.com>, hackers@FreeBSD.ORG Subject: Re: adding policy tuning knobs to my F_SETOWN/SIGIO/SIGURG enhancements Message-ID: <199812140506.VAA25327@salsa.gv.tsc.tdk.com> In-Reply-To: Eivind Eklund <eivind@yes.no> "Re: adding policy tuning knobs to my F_SETOWN/SIGIO/SIGURG enhancements" (Dec 13, 5:50pm)
next in thread | previous in thread | raw e-mail | index | archive | help
On Dec 13, 5:50pm, Eivind Eklund wrote: } Subject: Re: adding policy tuning knobs to my F_SETOWN/SIGIO/SIGURG enhanc } On Sun, Dec 13, 1998 at 12:28:56AM -0800, Don Lewis wrote: } > } > My previous security enhancements to the F_SETOWN/SIGIO/SIGURG in the 3.0 } > kernel code made some policy decisions that were hard-wired into the code } > but were commented in case someone needed to change them. I've decided } > that would be good to allow the security policy to be tuned using some } > sysctl knobs. } } Why? What benefits does the ability to relax permissions on this } give? I can see the use for tuning 'em up, but not really down... Originally things were wide open, and all the other BSD's (and other *nix flavors so far as I know) probably still are (except for possibly the credential check). There may be a few folks out there with crazy applications that require the old behaviour and I'd hate to disenfranchise them or require them to make hand modifications to kernel code. There may be situations where it is appropriate to disable the credential check now that the F_SETOWN argument can be restricted and the pid wraparound bug is gone. The patch I posted also tightens the default by a notch and I was confortable doing it because I also provided a knob to loosen it again. I'm treating this a warmup for another security enhancement I want to make which may have some security versus standards-conformance conflicts. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812140506.VAA25327>